10 Frequently Asked Questions In A Cybersecurity Job Interview

Cybersecurity is one of the fastest-growing fields in emerging tech. With the big shift from traditional technologies, organisations are now opening numerous job positions for cybersecurity professionals. According to a report, between January 2017 and March 2018, job postings by Indian employers for cybersecurity roles increased by 150%. The job growth in this sector is also slated to grow by 37% per year at least until 2022.

In this article, we list down 10 most frequently asked questions during a cybersecurity interview.

1| What Is The Difference Between Threat, Vulnerability, And Risk?

Threat, vulnerability and risk are factors related to cyberattacks. A threat is basically an agent which has the potential to cause harm in a target organisation. It includes malware and spyware, among other threat. A vulnerability can be said as a weakness in a security program within the organisation which may be caught by a hacker. Lastly, a risk is a potential for loss when a system has a vulnerability within the organisation.

2| Describe Traceroute

A traceroute is a command-line utility which basically measures the speed as well as route that data takes to a destination server. It works by transmitting the TTL (Time To Live) value through packets. It can help a user to diagnose where the breakdown of communications have occurred.

3| What Do You Mean By CIA? Why Is It Important?

CIA is a security model which helps in guiding the security policies within an organisation. CIA stands for Confidentiality, Integrity and Availability. Confidentiality controls access to information, integrity assures the accurateness of sensitive data while availability is the assurance of reliability as well as constant access to the sensitive data by the authorised professionals.

4| Difference Between HTTPS, SSL & TLS

HTTPS (Hypertext Transfer Protocol Secure) is a protocol which is used to communicate or exchange information. SSL (Secure Sockets Layer) is a standard cryptographic protocol which enables secure communications over the internet. TLS (Transport Layer Security) can be said as the successor of SSL. It is similar to SSL and provides additional and better protection of data than SSL.

5| What Is A Three-Way Handshake?

A three-way handshake, also known as TCP handshake is a method used in the TCP-IP network to create a connection between a local host/client and server. This method requires both the client and server to exchange SYN and ACK packets before the actual communication of data begins.

6| What Is End-To-End Email Encryption? How Does It Work?

End-to-end email encryption is a procedure of transmitting data where only the sender and receiver are able to read email messages. This method requires both the sender and the receiver to have a pair of cryptographic keys. The sender encrypts the message locally on his/her device using the recipient’s public key. The receiver decrypts it on his/her device using his/her private key.

7| Difference Between Symmetric & Asymmetric Encryption

Asymmetric encryption is also known as public-key cryptography which uses two keys to encrypt a plain text. Popular asymmetric key encryption algorithm includes ElGamal, RSA, DSA, etc. It is mostly used in day-to-day communication channels. Symmetric encryption involves only one secret key to cipher as well as decipher any information. The secret key can either be a number, a word or a string of random letters.

8| How Do Encoding, Hashing & Encryption Differ?

Encoding, encryption, and hashing are kind of similar terms and can create confusion sometimes. In the Encoding method, the data is transformed into a form which is readable by most of the systems and can be used by any external process. Encryption can be said as an encoding technique where the data is encoded in such a way that only authorised users can access the data. Hashing ensures integrity by converting the data into a hash function, which can be any number generated from string or text.

9| What Is Social Engineering Attack?

The act of manipulating a user of a computing system to reveal confidential information which can be used to gain unauthorised access to a computer system is known as social engineering attack. Some of the common techniques are familiarity exploit, phishing, intimidating circumstances, tailgating, etc.

10| How Can You Defend Yourself From Cross-Site Scripting Attack?

Cross-Site Scripting attack or XSS can be said as one of the most common vulnerabilities which can be found in applications. There are three main types of cross-site scripting attacks: Stored (or persistent) XSS, reflected XSS and DOM-based XSS. It is very difficult to remove this type of vulnerabilities. Methods such as escaping, validating input and sanitizing can help in preventing such type of attacks.

Provide your comments below

A Technical Journalist who loves writing about Machine Learning and Artificial Intelligence. A lover of music, writing and learning something out of the box. Contact: ambika.choudhury@analyticsindiamag.com